hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dfd18a51ee4a019681b70115852f67ad917b8832
codeql/change-notes/1.23/analysis-javascript.md
Asger F dfd18a51ee JS: Change note
2019-09-06 16:03:16 +01:00

1.8 KiB
Raw Blame History

Improvements to JavaScript analysis

General improvements

  • Support for the following frameworks and libraries has been improved:

  • The call graph has been improved to resolve method calls in more cases. This may produce more security alerts.

New queries

Query Tags Purpose

Changes to existing queries

Query Expected impact Change
Client-side cross-site scripting (js/xss) More results More potential vulnerabilities involving functions that manipulate DOM attributes are now recognized.
Prototype pollution (js/prototype-pollution) More results The query now highlights vulnerable uses of jQuery and Angular, and the results are shown on LGTM by default.
Incorrect suffix check (js/incorrect-suffix-check) Fewer false-positive results The query recognizes valid checks in more cases.

Changes to QL libraries

  • Expr.getDocumentation() now handles chain assignments.